Without interface flow limiting, it may lead to server load imbalance, brute force password cracking, malicious requests, extra server charges, denial of service attacks, etc.

Therefore it is necessary to do a good job of interface flow limiting.

How to do interface current limiting? There are 4 common interface current limiting algorithms:

1.Fixed window counter

For example, there is a limit of 10 requests per hour, and anything over 10 is simply discarded. It has the disadvantage that sometimes more than 10 requests are sent, up to a maximum of 2 times. For example, if the fixed window is a full hour, 10 requests are sent between 8:50 and 9:00, and another 10 requests are sent between 9:00 and 9:10, which are released, but 20 requests are sent in the hour between 8:50 and 9:50.

2.Sliding window counter

This solves the problem of 1, but the higher the accuracy of the time interval division, the larger the space capacity required by the algorithm.

3.Leaky Bucket Algorithm

The leaky bucket algorithm is mostly implemented using a queue, where requests for services are stored in the queue, and the service provider takes requests out of the queue and executes them at a fixed rate, while too many requests are placed in the queue and queued or rejected directly. The drawback of the leaky bucket algorithm is obvious, when there is a large number of burst requests in a short period of time, even if there is no load on the server at that time, each request has to wait in the queue for some time before it can be responded.

4.Token Bucket Algorithm

Tokens are generated at a fixed rate. The generated tokens are stored in a token bucket. If the token bucket is full, the extra tokens are discarded directly, and when a request arrives, an attempt is made to fetch a token from the token bucket. If the bucket is empty, then requests that try to fetch tokens are discarded. The token bucket algorithm is able to both distribute all requests evenly over the time interval and accept burst requests that are within the server's reach.

Some of you may ask, why not limit the flow based on IP address? Actually, it can be done, just not so mainstream.

Since you have to restrict the flow based on IP address, two problems will arise, one is the preservation of IP address is a problem, if the interface is a cluster, you also have to save the IP address in a centralized database, preferably redis. two is that it will mislead the normal request, because a large LAN, whose exit IP is one, then restricting the request of this IP may cause the normal user to be trapped. .

The easiest and most practical of the above 4 methods is the sliding window counter.

Django REST Framework comes with flow limiting:

REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle'
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/day',
        'user': '1000/day'
    }
}

Here we share 3 ways to limit the flow of FastAPI:

1.slowapi

slowapi has been adapted from flask-limiter, and the counter is stored in memory by default, as follows:

from fastapi import FastAPI
from slowapi.errors import RateLimitExceeded
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address


limiter = Limiter(key_func=get_remote_address)
app = FastAPI()
app.state.limiter = limiter
app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)

@app.get("/home")
@limiter.limit("5/minute")
async def homepage(request: Request):
    return PlainTextResponse("test")

@app.get("/mars")
@limiter.limit("5/minute")
async def homepage(request: Request, response: Response):
    return {"key": "value"}

2.fastapi-limiter

Need a redis to hold the counter:

import aioredis
import uvicorn
from fastapi import Depends, FastAPI

from fastapi_limiter import FastAPILimiter
from fastapi_limiter.depends import RateLimiter

app = FastAPI()


@app.on_event("startup")
async def startup():
    redis = await aioredis.create_redis_pool("redis://localhost")
    FastAPILimiter.init(redis)


@app.get("/", dependencies=[Depends(RateLimiter(times=2, seconds=5))])
async def index():
    return {"msg": "Hello World"}


if __name__ == "__main__":
    uvicorn.run("main:app", debug=True, reload=True)

3.asgi-ratelimit

For example, blocking a specific user for 60 seconds after exceeding the five accesses per second limit:

app.add_middleware(
    RateLimitMiddleware,
    authenticate=AUTH_FUNCTION,
    backend=RedisBackend(),
    config={
        r"^/user": [Rule(second=5, block_time=60)],
    },
)

Above recommended slowapi, because the star is currently the most.

Related articles

Replacing excel with Mito

Mito is a spreadsheet library in Python. If you can edit Excel files, you can write code. That's because for every action we perform in a table, Mito will automatically generate the corresponding Python code. Say goodbye to repetitive and boring operation

Python face recognition algorithm

Today we give you a summary of a few simple and good face recognition algorithms. Face recognition is a relatively common technology in computer vision. In life, the face recognition scenario that we have the most contact with is face attendance.

Three ways to parse parameters in Python

Like the diagram above, we have a standard structure to organize our small projects: The folder named data that contains our dataset train.py file The options.py file for specifying hyperparameters

Seaborn draws 11 bar charts

This article is about how to use seaborn to draw various bar charts Base Bar Chart Horizontal Bar Chart Title Settings DataFrame based drawing hue parameter setting Color processing Multi-dimensional processing

Tips for speeding up pandas

When people talk about data analysis, the most mentioned languages are Python and SQL. python is suitable for data analysis because it has many powerful third-party libraries to assist, pandas being one of them. pandas is described in the documentation as

Speed up pandas with Modin

Modin exists for a reason: to change one line of code to speed up the pandas workflow.Pandas needs no introduction in the field of data science, providing high-performance, easy-to-use data structures and data analysis tools. However, when dealing

How to open a txt file in python

Two ways to open a file f = open("data.txt","r") #Setting the file object f.close() #Close file #For convenience, and to avoid forgetting to close the file object, you can use the following instead

python how to add new content to the dictionary

Adding new content to the dictionary is done by adding new key/value pairs, modifying or deleting existing key/value pairs as shown in the following examples: #!/usr/bin/python dict = {'Name': 'Zara', 'Age': 7, 'Class': 'First'}

python how to get the current file path

Python method for getting the current path. import os,sys Use sys.path[0], sys.argv[0], os.getcwd(), os.path.abspath(__file__), os.path.realpath(__file__)